Eric Romang discovered that Heartbeat would create temporary files with predictable filenames. This could allow a local attacker to create symbolic links in the temporary file directory pointing to a valid file on the filesystem which could lead to the file being overwritten by the rights of the user running the vulnerable script.